Uli Fouquet wrote: > Ok. I'll put something into the zope.app.authentication branches for > review.
Great! > Two remaining questions: I would like to use `os.urandom` instead of > `random.randint` to create the salt, because this is recommended in > cryptographic contexts. There was, however, a problem with this module > in former times: sometimes it stopped until enough entropy was > available, which could make threads and processes hang. Is this still an > issue? Well, the Linux man page for "urandom" says that /dev/urandom never blocks, while /dev/random can block if the entropy pool runs out. I assume os.urandom uses /dev/urandom. > Last question: How should we handle lack of SHA-2 hashes in the Python > standard lib of 2.4? Self-implementing sounds too error-prone to me > while existing Python ports of the reference implementation in PyCryto > etc. are implemented in C which would make `zope.app.authentication` a > binary package. Something I would like to avoid. Or is support for > Python 2.4 running out anyway? Let's not implement the SHA-2 version yet. SSHA, based on SHA-1, is sufficient for now. Shane _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )